US-11489878

Mobile device security, device management, and policy enforcement in a cloud-based system

Published: November 1, 2022
Assignee: not available in USPTO data
Inventors: not available in USPTO data
Technical Abstract

Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one of a mobile profile and an application for an enterprise and a cloud-based system; installing the one of the mobile profile and the application on the mobile device; connecting to a network using the one of the mobile profile and the application; and having traffic content inspected and policy enforced thereon to/from the mobile device and the network via the cloud-based system.

Patent Claims
15 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 2

Original Legal Text

2. The non-transitory computer-readable medium of claim 1, wherein the traffic includes both browser and application generated traffic.

Plain English Translation

This invention relates to network traffic analysis, specifically a system for processing and analyzing network traffic data. The problem addressed is the need to efficiently handle and interpret diverse types of network traffic, including both browser-generated and application-generated traffic, to improve network monitoring, security, and performance optimization. The invention involves a non-transitory computer-readable medium storing instructions that, when executed, enable a computing device to process network traffic data. The system is designed to distinguish and analyze different types of traffic, including web browser activity (e.g., HTTP/HTTPS requests) and traffic generated by standalone applications (e.g., API calls, background processes). By categorizing and parsing this traffic, the system can identify patterns, detect anomalies, and provide insights into network usage. The solution includes mechanisms for capturing, filtering, and interpreting traffic data from multiple sources, ensuring accurate classification of traffic types. This allows for more precise monitoring of network behavior, improved threat detection, and better resource allocation. The system may also integrate with existing network management tools to enhance their functionality by providing detailed traffic analytics. The invention is particularly useful in environments where both browser and application traffic coexist, such as enterprise networks, cloud computing platforms, and IoT ecosystems. By accurately distinguishing between traffic types, the system enables more effective network management and security measures.

Claim 3

Original Legal Text

3. The non-transitory computer-readable medium of claim 1, wherein traffic is one of blocked and allowed based on any of the content and the policy.

Plain English Translation

A system for network traffic management analyzes incoming data packets to determine whether to block or allow them based on their content and predefined policies. The system processes network traffic by inspecting packet headers and payloads to identify relevant information, such as source/destination addresses, protocols, and application-layer data. It then compares this information against a set of rules or policies that define acceptable or restricted traffic patterns. The policies may include criteria such as allowed IP addresses, prohibited keywords, or specific application protocols. The system dynamically applies these rules to decide whether to permit or deny traffic, ensuring compliance with security or operational requirements. This approach enhances network security by preventing unauthorized access or malicious activity while maintaining legitimate communication flows. The system may also log traffic decisions for auditing or further analysis. By integrating content inspection with policy-based filtering, the system provides a flexible and adaptive solution for managing network traffic in real-time.

Claim 5

Original Legal Text

5. The non-transitory computer-readable medium of claim 1, wherein the policy includes detection of confidential data being sent from the mobile device to the network.

Plain English Translation

A system monitors and controls data transmission from mobile devices to networks, focusing on detecting and preventing unauthorized sharing of confidential information. The system includes a policy enforcement module that analyzes outgoing data from the mobile device to identify confidential data, such as personal, financial, or proprietary information, before it is transmitted to the network. The policy enforcement module applies predefined rules to determine whether the data meets criteria for confidentiality, such as specific data patterns, file types, or metadata. If confidential data is detected, the system can block the transmission, log the event, or trigger additional security measures. The system may also include a user interface to allow administrators to configure detection policies, adjust sensitivity levels, and review alerts. The solution addresses the problem of accidental or malicious leakage of sensitive information from mobile devices, ensuring compliance with data protection regulations and organizational security policies. The system operates in real-time, providing immediate feedback to users and administrators when potential breaches are detected.

Claim 6

Original Legal Text

6. The non-transitory computer-readable medium of claim 1, wherein the policy includes any of data usage, time-of-day, location, type of website, use of a particular application on the mobile device, and a black list of websites.

Claim 7

Original Legal Text

7. The non-transitory computer-readable medium of claim 1, wherein the content is inspected for malicious content.

Plain English Translation

A system and method for inspecting digital content for malicious elements. The technology operates in the domain of cybersecurity, specifically focusing on detecting and mitigating threats within digital files, documents, or data streams. The problem addressed is the increasing sophistication of malicious content, such as malware, viruses, or malicious scripts, which can evade traditional security measures. The invention provides a solution by analyzing content for indicators of compromise, suspicious patterns, or known malicious signatures. The inspection process involves scanning the content for predefined malicious elements, such as executable code, embedded scripts, or malicious payloads. The system may also employ heuristic analysis, behavioral detection, or machine learning techniques to identify potential threats that do not match known signatures. Once detected, the malicious content can be quarantined, blocked, or flagged for further review. The inspection may occur in real-time during data transfer, storage access, or execution, ensuring proactive threat detection. The system is designed to integrate with existing security frameworks, such as firewalls, antivirus software, or endpoint protection systems, to enhance overall security posture. The invention aims to improve the accuracy and efficiency of threat detection while minimizing false positives, thereby reducing the risk of cyberattacks.

Claim 8

Original Legal Text

8. The non-transitory computer-readable medium of claim 7, wherein the inspecting content includes any of detecting a security risk including any of malware, spyware, viruses, email spam, data leakage, phishing content, Trojans, and botnets.

Claim 11

Original Legal Text

11. The method of claim 10, wherein the traffic includes both browser and application generated traffic.

Claim 12

Original Legal Text

12. The method of claim 10, wherein traffic is one of blocked and allowed based on any of the content and the policy.

Claim 13

Original Legal Text

13. The method of claim 10, wherein the steps further include receiving a notification to from the cloud-based system based on any of the content and the policy.

Plain English Translation

A system and method for managing data access and notifications in a cloud-based environment addresses the challenge of efficiently monitoring and controlling data usage while providing timely alerts to users. The invention involves a cloud-based system that processes content and applies predefined policies to determine access permissions and generate notifications. The system receives and analyzes content, such as files, documents, or user-generated data, and evaluates it against stored policies, which may include security rules, compliance requirements, or usage restrictions. Based on this evaluation, the system grants or denies access to the content and generates notifications to inform users or administrators about policy violations, access attempts, or other relevant events. The notifications are sent to users or administrators to ensure awareness of data-related activities and compliance status. This method enhances data security, compliance monitoring, and user awareness in cloud-based environments by automating policy enforcement and notification delivery. The system may also log access events and policy violations for auditing and reporting purposes. The invention improves efficiency by reducing manual oversight and ensuring consistent policy application across the cloud-based system.

Claim 14

Original Legal Text

14. The method of claim 10, wherein the policy includes detection of confidential data being sent from the mobile device to the network.

Claim 15

Original Legal Text

15. The method of claim 10, wherein the policy includes any of data usage, time-of-day, location, type of website, use of a particular application on the mobile device, and a black list of websites.

Plain English Translation

A method for managing mobile device usage based on configurable policies to control access to digital content and applications. The method addresses the problem of excessive or unauthorized mobile device usage by implementing restrictions that can be customized according to various criteria. These criteria include data usage limits, time-of-day restrictions, location-based access controls, website categorization, application-specific usage rules, and blacklisted websites. The policy enforcement system monitors device activity and applies predefined rules to block or restrict access when conditions are met. For example, a policy may prevent access to social media applications during work hours or block access to blacklisted websites regardless of time or location. The method ensures compliance with organizational or personal usage guidelines, enhancing productivity and security. The system dynamically adjusts restrictions based on real-time conditions, such as detecting a user's location or the type of content being accessed. This approach provides flexible and adaptive control over mobile device usage, addressing concerns related to privacy, security, and productivity.
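As an added illustration (not the patent's or any vendor's implementation) of the decision the claims describe, the following evaluator applies the criteria of claims 6 and 15 (data usage, time-of-day, location, website category, application, blacklist) together with the confidential-data check of claims 5 and 14, and returns the block/allow outcome of claims 3 and 12. The policy values, site categories and detection patterns are constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import time

# Constructed policy: the criteria named in claims 6/15 plus the DLP check of claims 5/14.
POLICY = {
    "blacklist": {"bad.example", "phish.example"},
    "blocked_categories": {"gambling", "malware"},
    "app_schedule": {"socialapp": ("09:00", "17:00")},  # app is blocked inside this window
    "data_cap_bytes": 2 * 1024**3,                       # per-device usage limit
    "allowed_countries": {"US", "DE"},
}
# Constructed lookup standing in for the cloud's URL categorisation service.
SITE_CATEGORY = {"casino.example": "gambling", "news.example": "news", "bad.example": "malware"}
# Constructed DLP patterns (SSN-like and card-like); real deployments use richer detectors.
CONFIDENTIAL = [re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")]


@dataclass
class Request:
    host: str          # destination website
    app: str           # application on the device that generated the traffic
    country: str       # device location as reported to the cloud
    at: str            # device-local time, "HH:MM"
    used_bytes: int    # data consumed so far in the billing period
    body: str = ""     # outbound content to inspect


def evaluate(req: Request, policy=POLICY) -> tuple[str, list[str]]:
    """Return ('block' | 'allow', reasons) after applying every policy criterion in turn."""
    reasons = []
    if req.host in policy["blacklist"]:
        reasons.append("blacklisted site")
    category = SITE_CATEGORY.get(req.host)
    if category in policy["blocked_categories"]:
        reasons.append(f"blocked category: {category}")
    window = policy["app_schedule"].get(req.app)
    if window and time.fromisoformat(window[0]) <= time.fromisoformat(req.at) < time.fromisoformat(window[1]):
        reasons.append(f"{req.app} not permitted between {window[0]} and {window[1]}")
    if req.used_bytes >= policy["data_cap_bytes"]:
        reasons.append("data usage cap reached")
    if req.country not in policy["allowed_countries"]:
        reasons.append(f"location {req.country} not permitted")
    if any(p.search(req.body) for p in CONFIDENTIAL):
        reasons.append("confidential data pattern in outbound content")
    return ("block" if reasons else "allow"), reasons
```

Every matching criterion is recorded rather than stopping at the first, so the reasons list doubles as the audit log entry the claims mention.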

Claim 16

Original Legal Text

16. The method of claim 10, wherein the content is inspected for malicious content.

Plain English Translation

A system and method for inspecting digital content to detect malicious activity involves analyzing data packets or files in transit or at rest to identify potential threats. The method includes receiving content from a network or storage medium, processing the content through a security analysis module, and determining whether the content contains malicious code, malware, or other harmful elements. The inspection process may involve signature-based detection, heuristic analysis, behavioral monitoring, or machine learning techniques to assess the content's safety. If malicious content is detected, the system can take automated actions such as blocking transmission, quarantining the file, or alerting administrators. The method may also integrate with existing security frameworks to enhance threat detection capabilities. The system is designed to operate in real-time or batch processing modes, ensuring comprehensive coverage of digital content across various environments. The goal is to prevent security breaches, data leaks, and unauthorized access by proactively identifying and mitigating malicious content before it causes harm.

Claim 17

Original Legal Text

17. The method of claim 16, wherein the inspecting content includes any of detecting a security risk including any of malware, spyware, viruses, email spam, data leakage, phishing content, Trojans, and botnets.

Plain English Translation

This invention relates to cybersecurity systems that inspect digital content for security risks. The method involves analyzing content to identify and mitigate threats such as malware, spyware, viruses, email spam, data leakage, phishing content, Trojans, and botnets. The inspection process may include scanning files, network traffic, or communications for malicious patterns, unauthorized data transfers, or deceptive content designed to exploit users or systems. The system may employ signature-based detection, behavioral analysis, or heuristic techniques to identify threats. Once detected, the system can block, quarantine, or flag the content for further review. The method may also integrate with other security measures, such as firewalls or intrusion detection systems, to enhance threat prevention. The goal is to provide comprehensive protection against a wide range of cyber threats, ensuring data integrity and system security. The inspection process may be applied to various digital environments, including endpoints, networks, and cloud-based systems, to detect and neutralize security risks before they cause harm.

Claim 18

Original Legal Text

18. The method of claim 10, wherein the steps further include allowing or disallowing various functions implemented locally on the mobile device based on mobile device management from the cloud-based system.

Claim 20

Original Legal Text

20. The mobile device of claim 19, wherein traffic is one of blocked and allowed based on any of the content and the policy.


Patent Metadata

Filing Date

September 8, 2021

Publication Date

November 1, 2022


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Mobile device security, device management, and policy enforcement in a cloud-based system” (US-11489878). https://patentable.app/patents/US-11489878

© 2026 Nomic Interactive Technology LLC. Machine-readable context available at /api/llm-context/US-11489878. See llms.txt for full attribution policy.